How to get rid of SPAM on your CS account

(My personal war on SPAM to this account)

Background

My CS account was activated in 1994 or 1995, and was completely spam-free until about 2001. Spam was still a minor annoyance until early 2003, when it increased exponentially. I'd gotten used to this sort of problem with other accounts I set up with free services (like hotmail) in the past. With those types of accounts I'd get 100 junk mail messages within one day of signing up, but I'm not about to let that happen to my last working email address here at UNR.

Current method of attack

I'm currently using SpamBouncer from spambouncer.org. It seems to have the best approach to eliminating spam from the delivery end. It's basically a bunch of rules for procmail to run on every message that gets delivered to you. It's highly configurable, sorts your incoming mail, and gives you the option of bouncing mail back to the sender as undeliverable (my favorite), complaining to abuse desks, or just deleting it (sending it to /dev/null). You could write procmail recipes to do that yourself, but it's much easier to just configure these tools. SpamBouncer is also easily configurable to use a number of internet blacklists (mail from open relays, notorious spam ISP's, etc).

SpamBouncer has filters for "filter evasion" that check for invisible fonts, commented html, and other things you would never find in legitimate email. This has been catching nearly all spam sent in the last month, as most spammers have been using these techniques to confuse the Bayesian filters.

I'm still experimenting with this tool. If you want to try it yourself, here are some hints:


Previous attempts at killing spam

McAfee's SpamKiller

This is commercial software for Windows. I was using it until I discovered SpamBouncer. It gets all your email over a pop3 connection, and runs filters on it. Like SpamBouncer, it has "bounce to sender" and "complain to abuse desk" features, but the reply is delayed, so bouncing may not actually be fooling any spammers. I also had a problem once where it didn't download the email headers, and deleted all my email (since all messages were missing a "from" field). I was able to recover the email, but without headers--no return addresses, dates sent, subject lines, etc.

Another great feature of this program is that it incorporates a safe viewer. The only other safe viewer I'm aware of is Pine (which is what I usually use to read email). What makes it safe is that it doesn't automatically run scripts, follow links, or download remote pictures. Many spammers put links to web pages or pictures in their email so they can tell when you've read the message and add you to their "confirmed address" list.

Using the "Remove Me" links

In my more naïve days, I tried this anti-spam method. Doing so is, unfortunately, counterproductive. Most of those links don't actually point to valid addresses. The ones that do lure you to websites where the spam senders get revenue from advertising while you're there. Worse, by submitting your email address, you've just told the list operator that your email address is valid and worthy of being published on higher-priced lists. In fact, just visiting the page can have the same effect if the URL contains your email address or you clicked on the link from your email program.

I found that once I started submitting my email address to remove lists, I started getting more spam. It didn't take very long before the amount of spam was overwhelming and the email account was unusable. I definitely don't recommend following one of those links unless it comes from a well-known, respectable company.

Complaining to senders

This was another one of my earlier tactics. I tried replying to spammers, first asking for removal, then demanding it, then threatening to report the message to their ISP, and finally creating a fake auto-reply that indicated their message was blocked and it wasn't worth trying. What I accomplished was a steadily increasing supply of worthless junk mail. This method also isn't recommended. However, actually reporting junk mail to the abuse desk of an ISP can have a positive effect sometimes.